Over the last few weeks, as the Russia-Ukraine crisis has escalated on the ground, concern for Russian cyber-attacks has also increased – not just against Ukraine but anyone in support of Ukraine or doing business with Ukraine. There is also higher risk of cyber-attacks on critical macro infrastructure of Russian adversaries. This could include utilities such as electric grids and energy delivery, as well as healthcare including hospitals and centralized medical networks.
On top of this, another sector at increased risk includes financial systems, particularly larger institutions and fintech platforms, such as SWIFT. This could even trickle down to investment firms due to ties with larger financial institutions. Therefore, it's prudent for investment firms to heighten alertness towards cybersecurity.
The Cybersecurity and Infrastructure Security Agency (CISA), the National Cyber Security Centre (NCSC) and other global agencies are encouraging firms to bolster their cyber resilience. CISA issued a rare cyber “Shields Up” warning shortly before Russian invaded Ukraine, saying “Every organization—large and small—must be prepared to respond to disruptive cyber activity.”
Here at Abacus, our Cybersecurity team has been monitoring the developing events and is on heightened alert. We are encouraging our clients to be extra vigilant with suspicious activity, particularly around phishing emails.
In general, this is also a good time for investment firms to review internal cybersecurity policies. Here is a list of good questions for your firm to consider:
Perhaps your firm made some one-off cybersecurity policy exceptions in the last few years without giving proper thought to the ramifications of opening holes in your firm’s cyber defense. Some common decisions that your firm might have been OK with in the past that we recommend you revisit are:
Abacus makes this essential oversight and governance simple for our clients by providing extensive reporting within our abacusPortal. Take this opportunity to review your policies, settings, and incident response procedures. And be sure all your employees are aware of the heightened alert level.
These Stories on Blog